[main] #聲明realm permReam=cn.learn.shiro.PermissionRealm #注冊realm到securityManager中 securityManager.realms=$permReam package cn.learn.shiro;import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection;import java.util.ArrayList; import java.util.List;/*** 自定義realms對象* 繼承AuthorizingRealm* 重寫方法* doGetAuthorizationInfo：授權* 獲取到用戶的授權數據（用戶的權限數據）* doGetAuthenticationInfo：認證* 根據用戶名密碼登錄，將用戶數據保存（安全數據）**/ public class PermissionRealm extends AuthorizingRealm {/*** 自定義realm名稱*/public void setName(String name) {super.setName("permissionRealm");}//授權:授權的主要目的就是根據認證數據獲取到用戶的權限信息/*** principalCollection：包含了所有已認證的安全數據* AuthorizationInfoInfo：授權數據*/protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {System.out.println("執行授權方法");//1.獲取安全數據 username，用戶idString username = (String)principalCollection.getPrimaryPrincipal();//2.根據id或者名稱查詢用戶//3.查詢用戶的角色和權限信息List<String> perms = new ArrayList<>();perms.add("user:save");perms.add("user:update");List<String> roles = new ArrayList<>();roles.add("role1");roles.add("role2");//4.構造返回SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();//設置權限集合info.addStringPermissions(perms);//設置角色集合info.addRoles(roles);return info;}//認證：認證的主要目的，比較用戶名和密碼是否與數據庫中的一致//將安全數據存入到shiro進行保管//參數：authenticationToken登錄構造的usernamepasswordtokenprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {System.out.println("執行認證方法");//1.構造uptokenUsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;//2.獲取輸入的用戶名密碼String username = upToken.getUsername();String password = new String(upToken.getPassword());//3.根據用戶名查詢數據庫，正式系統查詢//4.比較密碼和數據庫中的密碼是否一致（密碼可能需要加密）if("123456".equals(password)) {//5.如果成功，向shiro存入安全數據SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username,password,getName());//1.安全數據，2.密碼。3。當前realm域名稱return info;}else{//6.失敗，拋出異常或返回nullthrow new RuntimeException("用戶名或密碼錯誤");}} } package cn.learn.shiro;import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.Factory; import org.junit.Before; import org.junit.Test;public class ShiroTest03 {private SecurityManager securityManager;@Beforepublic void init() {//1.根據配置文件創建SecurityManagerFactoryFactory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro-test-3.ini");//2.通過工廠獲取SecurityManagerSecurityManager securityManager = factory.getInstance();//3.將SecurityManager綁定到當前運行環境SecurityUtils.setSecurityManager(securityManager);}@Testpublic void testLogin() {Subject subject = SecurityUtils.getSubject();String username = "zhangsan";String password = "123456";UsernamePasswordToken token = new UsernamePasswordToken(username,password);//執行login-->realm域中的認證方法subject.login(token);//授權：-->realm域中的授權方法System.out.println(subject.hasRole("role1"));System.out.println(subject.isPermitted("user:save"));}}

?

總結

以上是生活随笔為你收集整理的shiro认证与授权：自定义realm的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。